Bank of England Tests Cybersecurity Resilience with War Game Exercises

The Bank of England (BoE) is conducting cyberattack war game exercises in order to test the resilience of the UK’s financial system in the wake of an attack.

The tests have been designed by the BoE with input from the Government Communications Headquarters’ (GCHQ)’s National Cyber Security Centre.

The Treasury, UK Finance and the Financial Conduct Authority are among the 40 agencies and enterprises taking part in the war games.

The Bank of England said in a release: “This exercise forms a vital part of the sector wide biennial process that seeks to ensure the industry is prepared for and can respond effectively to any major disruption stemming from a cyber Incident, protecting the financial system on which the public relies.”

“The exercise will help authorities and firms identify improvements to our collective response arrangements, improving the resilience of the sector as a whole.”

Bank of England Tests

The BoE war-games will act as a penetration and cyber stress test for financial services and the larger institutions that maintain the industry.

Any disruption to the financial service sector could have major repercussion for the economy as a whole, due to more and more of consumer purchases been done in a cashless manner.

Greg Day VP and CSO EMEA at Palo Alto Networks said in an emailed statement: “It’s always great to see organisations such as the Bank of England test capabilities of the sector, especially in light on increasing regulatory requirements such as GDPR around notification.”

“It’s always important such exercises span across all business functions. These should be both a technical but also business response test.”

Breaches within the banking sector do happen, as is evident with the admittance this week by HSBC that some of their US customers’ bank accounts had been hacked in October.

HSBC have commented that the information obtained in the breach may include customers full name, phone number, email address, account number, balance transaction history and payee account information.

Jake Moore cyber security expert at ESET UK added in an emailed statement to Computer Business Review: “Anything that improves cyber response is a thumbs up from me.”

“Cyber attacks aren’t a possibility, they are an eventuality so we will never have enough people, systems or money to prevent or detect an attack. Therefore, you need to invest in training as well as multiple prevention techniques to make it work. However, it is not always as simple as that, so making training engaging and even fun adds impact to the way it sinks in and quickly makes it second nature.”